Overview

overview

7

Static

static

3

53e1fadebd...94.exe

windows7-x64

7

53e1fadebd...94.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    11-01-2024 15:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    53e1fadebd2380f5bf8e978805cb5894.exe

  • Size

    75KB

  • MD5

    53e1fadebd2380f5bf8e978805cb5894

  • SHA1

    1c680a822abaaf3a51920784817b5952e6cac7e3

  • SHA256

    ec514956a3205edb1563469b186ab9f84149bd511e66537fcdf235bdb97d09f6

  • SHA512

    f97bb9753fe1c82cc7c3a9b093d571c815618c9b6ee9805de7f4152a1329e863c556d6aae47839525a45fd501daf00bdc095d01efa85f7a56adc1fd4b473a8ce

  • SSDEEP

    1536:M3isq3QFioUa9+b1tFhHDtJk+Px9zMNkXV/3CsOaNo:HMl41P3Jk+Px9zMCXQaNo

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\53e1fadebd2380f5bf8e978805cb5894.exe
    "C:\Users\Admin\AppData\Local\Temp\53e1fadebd2380f5bf8e978805cb5894.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Users\Admin\AppData\Local\Temp\53e1fadebd2380f5bf8e978805cb5894.exe.exe
      C:\Users\Admin\AppData\Local\Temp\53e1fadebd2380f5bf8e978805cb5894.exe.exe
      2⤵
      • Executes dropped EXE
      PID:2736
    • C:\Windows\SysWOW64\reg.exe
      reg add "hkcu\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v "load" /t reg_sz /d "C:\Windows\system\svchost.exe" /f
      2⤵
        PID:2772

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
      Filesize

      195KB

      MD5

      e4f28a7d0c89afc04ace82bd7d0bacbd

      SHA1

      2eb60c52f2a6569a28bed3ca934a11893bad511e

      SHA256

      499d0f47d4447f7576c4568da9eaa1f38d27a0753559e5d3c8c1c1ac086294eb

      SHA512

      38a88ab28a2fe03d7c0f2063ca78fbce28c1a7b92ce5c05bedfc4666133ce7397bb884dbee84270b6e3912d6c6c2f500bab77e634007535aa7dbe46f97d5dc59

      Download Submit

    • \Users\Admin\AppData\Local\Temp\53e1fadebd2380f5bf8e978805cb5894.exe.exe
      Filesize

      25KB

      MD5

      20302bdd9014907685cb8a480534e509

      SHA1

      02a9e9b31f6947541374690a52dcfb77a7098a85

      SHA256

      e97942c4844f95818c3a4f6a7997e1b1583459a257fea32b73bb0868530bfe43

      SHA512

      3b4360e40eff478b6eef9ee0dde032e348e4c32a27a2048d1a4c8c0dfce68389dbd031e96af37edf2d9411a70bfe166e55e26a25b633b62f7e42467c923f286f

      Download Submit

    • memory/2444-387-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2444-404-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2444-295-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2444-322-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2444-342-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2444-363-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2444-243-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2444-267-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2444-421-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2444-434-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2444-453-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2444-470-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2444-484-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2444-500-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download